package com.samphanie.dries.config;

import com.samphanie.dries.security.authentication.ldap.LDAPMultiAuthenticationProvider;
import lombok.RequiredArgsConstructor;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

/**
 * @Description:
 * @Author ZSY
 * @createTime 2021/2/25 16:25
 */
@RequiredArgsConstructor
@Configuration
@Order(100)
public class LoginSecurityConfig extends WebSecurityConfigurerAdapter {

    private final AuthenticationSuccessHandler restAuthenticationSuccessHandler;
    private final AuthenticationFailureHandler restAuthenticationFailureHandler;
    private final LogoutSuccessHandler restLogoutSuccessHandler;

    private final DaoAuthenticationProvider daoAuthenticationProvider;
    private final LDAPMultiAuthenticationProvider ldapMultiAuthenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests(req -> req.anyRequest().authenticated())
                .formLogin(form -> form.loginPage("/login")
                        .failureUrl("/login?error")
//                        .usernameParameter("username")
                                .defaultSuccessUrl("/")
                                .successHandler(restAuthenticationSuccessHandler)
                                .failureHandler(restAuthenticationFailureHandler)
                                .permitAll()
                )
                .logout(logout -> logout
                        .logoutUrl("/logout")
                        .logoutSuccessHandler(restLogoutSuccessHandler)
                )
                .rememberMe(remember -> remember
                        .key("someSecret")
                        .tokenValiditySeconds(30 * 24 * 3600)
//                        .rememberMeCookieName("someKeyToRemember")
                )
                .httpBasic(Customizer.withDefaults()) // 显示浏览器对话框，需要禁用 CSRF ，或添加路径到忽略列表
//                .csrf(csrf -> csrf.ignoringAntMatchers(
//                        "/authorize/**", "/admin/**", "/api/**"
//                ))
        ;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(daoAuthenticationProvider);
        auth.authenticationProvider(ldapMultiAuthenticationProvider);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
                .ignoring()
//                .antMatchers("/error/**")
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations());
    }
}
